<!DOCTYPE html>
<html>
<head>
<meta charset='utf-8'>
<meta http-equiv="X-UA-Compatible" content="chrome=1">
<link href='https://fonts.googleapis.com/css?family=Chivo:900' rel='stylesheet' type='text/css'>
<link rel="stylesheet" type="text/css" href="stylesheets/stylesheet.css" media="screen" />
<link rel="stylesheet" type="text/css" href="stylesheets/pygment_trac.css" media="screen" />
<link rel="stylesheet" type="text/css" href="stylesheets/print.css" media="print" />
<!--[if lt IE 9]>
<script src="//html5shiv.googlecode.com/svn/trunk/html5.js"></script>
<![endif]-->
<title>Netbeacon by adulau</title>
</head>
<body>
<div id="container">
<div class="inner">
<header>
<h1>Netbeacon</h1>
<h2>netbeacon - monitoring your network capture, NIDS or network analysis process</h2>
</header>
<section id="downloads" class="clearfix">
<a href="https://github.com/adulau/netbeacon/zipball/master" id="download-zip" class="button"><span>Download .zip</span></a>
<a href="https://github.com/adulau/netbeacon/tarball/master" id="download-tar-gz" class="button"><span>Download .tar.gz</span></a>
<a href="https://github.com/adulau/netbeacon" id="view-on-github" class="button"><span>View on GitHub</span></a>
</section>
<hr>
<section id="main_content">
<h1>
<a name="netbeacon---monitoring-your-network-capture" class="anchor" href="#netbeacon---monitoring-your-network-capture"><span class="octicon octicon-link"></span></a>netbeacon - monitoring your network capture</h1>
<p>netbeacon is a set of free software tools to send beacons over
the network to test the accuracy and the precision of your network
capture framework. With netbeacon you can test the following properties
of your network capture (e.g. for honeypot packet data capture,
data interception devices, NIDS, DPI ...):</p>
<ul>
<li>How long it takes for a packet to reach your monitoring.</li>
<li>Time inconsistencies between devices.</li>
<li>Finding missing packets or their (re)ordering.</li>
<li>Watchdog to verify an operational network capture.</li>
</ul><h2>
<a name="netbeacon---packet-format" class="anchor" href="#netbeacon---packet-format"><span class="octicon octicon-link"></span></a>netbeacon - packet format</h2>
<p>The netbeacon format is a simple ASCII format encapsulated in a UDP
packet. The format is the following:</p>
<pre><code>header;epoch;sequence;hmac
</code></pre>
<ul>
<li>The header, currently <code>nb</code>.</li>
<li>The epoch value (in UTC format).</li>
<li>The sequence, an unsigned integer.</li>
<li>The HMAC-SHA1 signature.</li>
</ul><p>Each message is encapsulated in UDP and by default uses port 12345.</p>
<p>A pre-shared key (PSK) is agreed between the netbeacon sender
and netbeacon recipient to ensure packet integrity using HMAC (SHA1).
There is a default key "netbeacon", but we highly recommend setting your
own for your systems.</p>
<h3>
<a name="sample-netbeacon-messages" class="anchor" href="#sample-netbeacon-messages"><span class="octicon octicon-link"></span></a>sample netbeacon messages</h3>
<p>Here is a series of 3 netbeacon messages extracted from 3 UDP packets:</p>
<pre><code>nb;1354960619;101;335540bf3dae684c3d5cd5795fd09b9097bad656
nb;1354960619;102;56fc82c066644f179b58eb84a47e577bf92adc47
nb;1354960619;103;854207f54c1c4be97bdf4cd4a0d1068731848698
</code></pre>
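<p>The following added example (not netbeacon's own code) parses the <code>header;epoch;sequence;hmac</code> format, verifies the HMAC-SHA1 and reports missing or reordered sequence numbers. It assumes the HMAC covers the text <code>header;epoch;sequence;</code>, which this page does not specify; the function names, the PSK and the sample capture are constructed for illustration.</p>

```python
import hashlib
import hmac

def sign(prefix: str, psk: bytes) -> str:
    # Assumption: the HMAC-SHA1 covers the text "header;epoch;sequence;".
    return hmac.new(psk, prefix.encode("ascii"), hashlib.sha1).hexdigest()

def make_beacon(epoch: int, seq: int, psk: bytes) -> str:
    prefix = f"nb;{epoch};{seq};"
    return prefix + sign(prefix, psk)

def parse_beacon(line: str, psk: bytes):
    """Return (epoch, seq) for an authentic beacon, or None if it must be dropped."""
    parts = line.strip().split(";")
    if len(parts) != 4 or parts[0] != "nb" or not line.isascii():
        return None
    _, epoch, seq, mac = parts
    if not (epoch.isdigit() and seq.isdigit()):
        return None
    expected = sign(f"nb;{epoch};{seq};", psk)
    # Constant-time comparison avoids leaking how many hex digits matched.
    if not hmac.compare_digest(expected.encode(), mac.lower().encode()):
        return None
    return int(epoch), int(seq)

def audit(lines, psk: bytes):
    """Summarise a capture: rejected lines, missing and out-of-order sequences."""
    report = {"rejected": 0, "missing": [], "reordered": []}
    seen, highest = set(), None
    for line in lines:
        parsed = parse_beacon(line, psk)
        if parsed is None:
            report["rejected"] += 1
            continue
        seq = parsed[1]
        if highest is not None and highest > seq:
            report["reordered"].append(seq)
        highest = seq if highest is None else max(highest, seq)
        seen.add(seq)
    if seen:
        report["missing"] = sorted(set(range(min(seen), highest + 1)) - seen)
    return report

# Constructed sample capture (not from the page): 102 is lost, 103 arrives
# after 104, and one line carries a forged sequence number.
PSK = b"example-psk-change-me"
good = {n: make_beacon(1354960619, n, PSK) for n in (101, 103, 104, 105)}
forged = good[105].replace(";105;", ";106;")
CAPTURE = [good[101], good[104], good[103], forged, good[105]]
```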
<h2>
<a name="netbeacon---usage" class="anchor" href="#netbeacon---usage"><span class="octicon octicon-link"></span></a>netbeacon - usage</h2>
<h3>
<a name="how-to-use-it" class="anchor" href="#how-to-use-it"><span class="octicon octicon-link"></span></a>How to use it?</h3>
<p>On a device where you are able to send packets on the monitored/tapped network, you
can send beacons using nb_send.py:</p>
<pre><code>python nb_send.py -s -i 3 -d 1.2.3.4
</code></pre>
<p>Where you are processing your network capture, you can run the following:</p>
<pre><code>python nb_collect.py -i dag0 | python nb_verify.py -s -t
</code></pre>
<h3>
<a name="nb_sendpy" class="anchor" href="#nb_sendpy"><span class="octicon octicon-link"></span></a>nb_send.py</h3>
<pre><code>Usage: nb_send.py [options]

Options:
  -h, --help            show this help message and exit
  -p PSK, --psk=PSK     pre-shared key used by the HMAC-SHA1 (default:
                        netbeacon)
  -s, --storeseq        store sequence and validate sequence
  -i ITERATION, --iteration=ITERATION
                        set the number of interation for sending the netbeacon
  -d DESTINATION, --destination=DESTINATION
                        set the destination(s) IPv4 address (default: 127.0.0.1)
  -v, --verbose         output netbeacon sent
</code></pre>
<h3>
<a name="nb_collectpy" class="anchor" href="#nb_collectpy"><span class="octicon octicon-link"></span></a>nb_collect.py</h3>
<pre><code>Usage: nb_collect.py [options]

Options:
  -h, --help            show this help message and exit
  -i INTERFACE, --interface=INTERFACE
                        live capture on interface (default:lo)
  -r FILEDUMP, --read=FILEDUMP
                        read pcap file
  -e EXTENDED, --extended=EXTENDED
                        enable extended format including pcap timestamp
</code></pre>
<h3>
<a name="nb_verifypy" class="anchor" href="#nb_verifypy"><span class="octicon octicon-link"></span></a>nb_verify.py</h3>
<pre><code>Usage: nb_verify.py [options] &lt;netbeacon messages&gt;

Options:
  -h, --help         show this help message and exit
  -t, --timedelta    show timedelta
  -s, --storeseq     store sequence and validate sequence
  -p PSK, --psk=PSK  pre-shared key used by the HMAC-SHA1 (default: netbeacon)
</code></pre>
<h1>
<a name="license" class="anchor" href="#license"><span class="octicon octicon-link"></span></a>License</h1>
<p>netbeacon is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.</p>
<p>Copyright (c) 2012,2013 Alexandre Dulaunoy - <a href="https://github.com/adulau/">https://github.com/adulau/</a></p>
</section>
<footer>
Netbeacon is maintained by <a href="https://github.com/adulau">adulau</a><br>
This page was generated by <a href="http://pages.github.com">GitHub Pages</a>. Tactile theme by <a href="https://twitter.com/jasonlong">Jason Long</a>.
</footer>
</div>
</div>
</body>
</html>